Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-7713, CVE-2015-5286)

Summary IBM SmartCloud Entry is vulnerable to several OpenStack vulnerablities. An attacker can exploit these velnerabilities to launch further attacks on the system or to exhaust all available resources. Vulnerability Details CVEID: CVE-2015-7713 DESCRIPTION: OpenStack Nova could provide weaker...

Security Bulletin: Multiple vulnerabilities in sudo, glibc affect IBM SmartCloud Entry (CVE-2017-1000368 CVE-2017-1000366)

Summary Multiple vulnerabilities have been identified in sudo and glibc. Sudo and glibc are used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the vulnerabilities Vulnerability Details CVEID: CVE-2017-1000368 DESCRIPTION: sudo could allow a local attacker to gain elevated privileges...

Security Bulletin: Security vulnerability in Apache HTTP affects IBM SmartCloud Entry (CVE-2017-9798)

Summary IBM SmartCloud Entry has addressed the vulnerability in Apache HTTP. Following are the vulnerability details. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS...

Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry

Summary Multiple vulnerabilities have been identified in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util. coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util shipped with IBM SmartCloud Entry Appliance. IBM SmartCloud Entry Appliance has addressed the vulnerabilities...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

Summary OpenSSL vulnerabilities were disclosed on 28th Jan 2016, March 1, 2016 ,May 3 2016 by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVEs - CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176...

Security Bulletin: Spice-server vulnerabilities affect IBM SmartCloud Entry (CVE-2016-0749 CVE-2016-2150 )

Summary SmartCloud Entry is vulerable to Spice-server vulnerabilities. Attackers could exploit them to cause improper bounds checking by smartcard interaction or bypass security restrictions Vulnerability Details CVEID: CVE-2016-0749 DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer...

Security Bulletin: Libxml2 vulnerabilities affect IBM SmartCloud Entry (CVE-2015-1819)

Summary IBM SmartCloud Entry is vulnerable to several libxml2 vulnerabilities. Remote attackers can exploit them to consume all available memory resources. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injecti...

Security Bulletin: Nss,Nss-util and Nspr vulnerabilities affect IBM SmartCloud Entry (CVE-2016-1978, CVE-2016-1979 )

Summary IBM SmartCloud Entry is vulnerable to multiple vulnerabilities in nss, nss-util and nspr. Attackers could exloit them using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. Vulnerability Details CVEID: CVE-2016-1978 DESCRIPTION: Mozil...

Security Bulletin: File vulnerabilities affect IBM SmartClound Entry

Summary IBM SmartCloud Entry is vulnerable to file vulnerabilities, An attacker could exploit these vulnerabilities to use a specially-crafted file to consume all available CPU resources, cause a denial of service, execute arbitrary code, or cause applications/executables to crash. CVE-2014-3538...

Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM SmartCloud Entry (CVE-2014-8121)

Summary IBM SmartCloud Entry is vulnerable to GNU C library glibc vulnerabilities. Remote attackers can exploit them to cause the application to enter into an infinite loop. Vulnerability Details CVEID: CVE-2014-8121 DESCRIPTION: GNU C Library glibc is vulnerable to a denial of service, caused by...

Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)

Summary IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer, inject arbitrary HTTP headers...

Security Bulletin: Libtiff vulnerabilities affect IBM SmartClound Entry

Summary "IBM SmartCloud Entry is vulnerable to vulnerabilities in libtiff. An attacker could exploit these vulnerabilities to write data, cause a denial of service, execute arbitrary codes, or cause crashes. CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547...

Security Bulletin: Pam vulnerability affects IBM SmartCloud Entry (CVE-2015-3238)

Summary IBM SmartCloud Entry is vulnerable to a pam vulnerability, which allows a local attacker exploit this vulnerability to enumerate user names and cause the system to hang. Vulnerability Details CVEID: CVE-2015-3238 DESCRIPTION: Linux-PAM could allow a local attacker to obtain sensitive...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306...

Security Bulletin: OpenSSL vulnerabilities affect IBM SmartCloud Entry

Summary IBM SmartCloud Entry is vulnerable to several OpenSSL vulnerabilities, attackers could exploit them to cause a denial of service or execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...

Security Bulletin: Grep vulnerabilities affect IBM SmartCloud Entry (CVE-2012-5667)

Summary IBM SmartCloud Entry is vulnerable to several Grep vulnerabilities. Remote attackers can exploit them to obtain sensetive information or launch further attacks on the system. Vulnerability Details CVEID: CVE-2012-5667 DESCRIPTION: grep is vulnerable to a heap-based buffer overflow, caused...

Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-5163 CVE-2015-3241 CVE-2015-5223)

Summary IBM SmartCloud Entry is vulnerable to several Openstack vulerabilities, which allow remote attackers exploit these vulnerabilitise to obtain sensitive information or cause a denial of service. Vulnerability Details CVEID: CVE-2015-3241 DESCRIPTION: OpenStack Nova is vulnerable to a denial...

Security Bulletin: Nss-util vulnerabilities affect IBM SmartCloud Entry( CVE-2016-1950 )

Summary IBM SmartCloud Entry is vulnerable to a nss-tuil vulnerability, attackers could exploit it to cause the application to crash. Vulnerability Details CVEID: CVE-2016-1950 DESCRIPTION: Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when the...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.5 used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with th...

Security Bulletin: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

Summary IBM SmartCloud Entry is vulnerable to a glic vulnerability, which allows a romote attacker overflow a buffer and cause the application to crash. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper...